
== Prerequisites:

! I really don't remember all the information, like the exact IPs, names and questions, but I tried to write down
all the important information. I also recommend installing VirtualBox with a Red Hat/CentOS ISO, trying the
scenarios and doing some study, because within the 120 minutes you don't have time for manual searching.

= station configuration is DHCP, 172.24*/24, FQDN =

= Configure repo

The HTTP server where the repo is configured is in the RHCE lab description, as is the root PWD; don't
change the root PWD

vi /etc/yum.repos.d/http.repo
gpgcheck=0 --> important parameter (turns off GPG signature checking for packages from this repo)

yum makecache
yum repolist

= Install all important tools

yum install system-config-*
yum search policycoreutils-gui*
yum search samba-client* --> smbclient is not installed by default

= Iptables

All iptables configuration was done through the Firewall GUI: enable the ports for HTTP, NFS, SSH, FTP, SMB
System -> Administration -> Firewall

I recommend restarting the daemons for FTP/SMB/NFS before testing changes, to be sure

== 1. Enable enforcing mode in Redhat

yum install policycoreutils-gui*
System -> Administration -> SELinux Management - set enforcing mode and restart system

== 2. Enable IP forwarding
vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
sysctl -p --> activate configuration from /etc/sysctl.
cat /proc/sys/net/ipv4/ip_forward -> 1

== 3. SSH access (/etc/hosts.allow and deny), grant and deny SSH
sshd: --> the . before the domain is important, it matches everything before it; could also be written
as *

== 4. FTP only users from domain should have access to FTP, and users should
be able to download files from FTP.
yum install vsftpd
chkconfig vsftpd on
/etc/init.d/vsftpd start
Anonymous users should be granted read access by default, but check /etc/vsftpd/vsftpd.conf to be sure
anonymous_enable=YES

add line
vsftpd: ALL EXCEPT
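
The rule order behind tasks 3 and 4, as an added example (not part of the original notes and not the real libwrap code): a simplified model of hosts_access(5) matching that shows how the leading dot in a domain pattern and the ALL EXCEPT form are evaluated. example.com, the host names and the addresses are constructed placeholders for the exam values.

```bash
#!/bin/bash
# Simplified model of hosts_access(5) evaluation; not libwrap itself.
# Handles: daemon name or ALL, client patterns ALL / .domain / n.n.n. / exact,
# and a single "list EXCEPT list". Wildcards (*) and netmasks are not modelled.

match_client() {   # PATTERN HOSTNAME ADDRESS
    case "$1" in
        ALL) return 0 ;;
        .*)  case "$2" in *"$1") return 0 ;; esac ;;   # leading dot: name suffix
        *.)  case "$3" in "$1"*) return 0 ;; esac ;;   # trailing dot: address prefix
        *)   if [ "$1" = "$2" ] || [ "$1" = "$3" ]; then return 0; fi ;;
    esac
    return 1
}

match_list() {     # "pat pat EXCEPT pat" HOSTNAME ADDRESS
    local list incl excl p
    list=$(printf '%s' "$1" | tr ',' ' ')
    incl=${list%% EXCEPT *}; excl=
    if [ "$incl" != "$list" ]; then excl=${list#* EXCEPT }; fi
    for p in $excl; do if match_client "$p" "$2" "$3"; then return 1; fi; done
    for p in $incl; do if match_client "$p" "$2" "$3"; then return 0; fi; done
    return 1
}

file_matches() {   # FILE DAEMON HOSTNAME ADDRESS
    local daemons clients rest
    while IFS=: read -r daemons clients rest; do
        case "$daemons" in ''|'#'*) continue ;; esac
        match_list "$daemons" "$2" "$2" || continue
        if match_list "$clients" "$3" "$4"; then return 0; fi
    done < "$1"
    return 1
}

tcpd_decision() {  # ALLOW_FILE DENY_FILE DAEMON HOSTNAME ADDRESS
    if   file_matches "$1" "$3" "$4" "$5"; then echo allow   # 1. hosts.allow match
    elif file_matches "$2" "$3" "$4" "$5"; then echo deny    # 2. hosts.deny match
    else echo allow; fi                                       # 3. no match: allow
}

# Constructed sample rules; example.com stands in for the exam domain.
d=$(mktemp -d)
printf 'sshd: .example.com\n' > "$d/hosts.allow"
printf 'sshd: ALL\nvsftpd: ALL EXCEPT .example.com\n' > "$d/hosts.deny"
tcpd_decision "$d/hosts.allow" "$d/hosts.deny" sshd   station1.example.com 172.24.56.10
tcpd_decision "$d/hosts.allow" "$d/hosts.deny" sshd   host.other.test 192.0.2.7
tcpd_decision "$d/hosts.allow" "$d/hosts.deny" vsftpd host.other.test 192.0.2.7
```

A pattern written without the leading dot, such as example.com, matches only a host with exactly that name, so station1.example.com would fall through to the deny rule.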

== 5. Share /groupdir with SAMBA, workgroup STAFF or something else, share should be browsable,
read only and only user barry should be able to connect to it, also only users from should be able to connect, also the user barry should have a SAMBA PWD

yum grouplist | grep CIFS

yum groupinstall "CIFS file server"
chkconfig smb on
chkconfig nmb on
/etc/init.d/smb start
/etc/init.d/nmb start
vi /etc/samba/smb.conf
workgroup = STAFF

path = /groupdir
public = no
browseable = yes
read list = barry
valid users = barry
read only = yes
hosts allow = 172.24.56. --> don't forget the ., didn't work

smbpasswd -a barry --> type password

chcon -R --reference=/var/ftp/pub /groupdir --> give the /groupdir share an SELinux context

getsebool -a | grep samba | grep ro
samba_domain_controller --> off
samba_export_all_ro --> off
setsebool -P samba_export_all_ro 1 --> activates SMB for read-only access
smbclient // -U barry --> then type PWD, you should get the
smbclient prompt
smbclient -L -U barry

== 6. Configure web server,, download with ftp from some ftp://
the station.html and rename it to index.html and put /var/www/html

yum install elinks --> I like this tool

yum install http*
chkconfig httpd on
/etc/init.d/httpd start

vi /etc/httpd/conf/httpd.conf
<VirtualHost *:80> --> I don't really know the difference between *:80 and, there were
sites regarding RHCE which used * and some with the IP
DirectoryIndex index.html --> I don't recommend using this parameter
DocumentRoot /var/www/html
</VirtualHost>

chcon -R --reference=/var/www/html /var/www/html/ --> just to be sure that the copied index.html
receives the right SELinux context
test http with elinks and type "g" and

== 7. extend the http configuration create a virtualhost with, path

/var/www/virtual, there is some file on ftp:// which must be downloaded and copied into
/var/www/virtual as index.html

vi /etc/httpd/conf/httpd.conf
add lines
<VirtualHost *:80>
DirectoryIndex index.html --> I don't recommend using this parameter
DocumentRoot /var/www/virtual
</VirtualHost>

and uncomment the

NameVirtualHost *:80

chcon -R --reference=/var/www/html /var/www/virtual/

== 8. create confidential folder in the web server and the user chucky should be able to add files, this
folder must be reachable only from, also there is some file on ftp which
must be copied into confidential

This task is not specific about which server you should add the Directory to. I added it to virtual;
according to some other guys it should be the www folder. Choose

<VirtualHost *:80>
DirectoryIndex index.html --> I don't recommend using this parameter
DocumentRoot /var/www/virtual
<Directory /var/www/html/confidential>
Order Deny,Allow --> I found that this definition is the right one; again, I'm open-minded if I'm wrong
Deny from localhost
Allow from
</Directory>
</VirtualHost>

The new part is <Directory>

chcon -R --reference=/var/www/html /var/www/virtual/confidential --> again, don't forget

in elinks and should show different content

== 9. Set up NFS server and allow NFS access only for, share folder /groupdir

yum install nfs*

chkconfig nfs on

vi /etc/exports
/groupdir *,sync)

exportfs -rva

Now check exports with showmount -e

There is a task that there should be a working automounter, and it should be mounted under

chkconfig autofs on
vi /etc/auto.master
/share /etc/auto.share

vi /etc/auto.share -soft,intr,sync

service autofs restart

test it with cd /share/, this should be automatically mounted, the folders
will be created by autofs.

== 10. configure SMTP, for localhost and remote users

vi /etc/postfix/
myhostname = --> uncomment this
mydomain = --> uncomment this
myorigin --> this must stay commented out!!!

inet_interfaces = all --> uncomment this one

#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
#inet_interfaces = localhost --> comment this one out

now test the mail for user barry, or some other localuser
Subject: kukuk
hi there barrrrry

su - barry
mail --> displays mails, check then with ENTER

== 11. configure user natasha to receive mails as admin

vi /etc/aliases
admin: natasha


mail --> test it, this should send the mail to admin, that is,
according to the definition natasha should receive the mail
su - natasha

== 12. configure iSCSI, the iSCSI is located on, create a 1500MB drive,
mount it and copy some file from ftp:// to it, persist the disk even after reboot, mount the iSCSI
under /mnt/iscsi_disk

yum install iscsi*

iscsiadm -m discovery -t st -p

shows something like iqn................copy the whole string
iscsiadm -m node -T iqn...... -p -l

tail -f /var/log/messages --> check for a new drive, something like sda/sdb
fdisk -l /dev/sda .... you know how to create a 1400MB partition
mkfs.ext4 /dev/sda1
/dev/sda1 /mnt/iscsi_disk ext4 _netdev,defaults 0 0

cat /etc/iscsi/initiatorname.iscsi --> added the iSCSI drive here; sda was present even after reboot

don't forget chkconfig iscsid on

== 13. mount iso under /mnt/iso, which is under /root/omg.iso

vi /etc/fstab
/root/omg.iso /mnt/iso iso9660 defaults,loop 0 0

mount -a

== 14. write a script which shows "script one|two" if $# -eq 0; when the parameter is one it displays two, when
parameter $1 is two it displays one; when none of the supported parameters is given it displays the help again

#!/bin/bash
# no arguments: print the usage line
if [ $# -eq 0 ]; then
    echo "/root/program one|two"
elif [ "$1" = "one" ]; then
    echo "two"
elif [ "$1" = "two" ]; then
    echo "one"
else
    # unsupported parameter: print the usage line again
    echo "/root/program one|two"
fi
# chmod a+x /root/program

== 15. add some kernel parameter in the startup sequence kenerl_loop=32

add this at the end of the line which starts with kernel
vi /etc/grub.conf

== 16. deny user natasha to use crontab
